[Mikrotik] High number of port 53 connections

Jeromie Reeves jreeves at 18-30chat.net
Fri Sep 10 22:20:55 CDT 2010


What is the equipment at their site? Sniff the traffic; is something
else using their radio as a DNS proxy or as a DNS IP tunnel?

On Fri, Sep 10, 2010 at 8:08 PM, RickG <rgunderson at gmail.com> wrote:
> Funny thing. I shut down their LAN port but it still keeps doing it!?!?
>
> On Fri, Sep 10, 2010 at 10:19 PM, Jeromie Reeves <jreeves at 18-30chat.net> wrote:
>
>> If they keep going for a long period of time, it could be malware of
>> some type. I know that when I start up my Firefox it makes about 200
>> DNS hits very rapidly. This is with 30+ tabs saved in the workspace.
>> Also, having a number of computers running can keep a high number of DNS
>> lookups going too. Trap the lookups and see if they look reasonable or
>> not.
>>
>> On Fri, Sep 10, 2010 at 6:52 PM, RickG <rgunderson at gmail.com> wrote:
>> > Any reason why a customer would have such a high number of connections to
>> > port 53? (see attached)
>
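
Added example (not part of the original thread and not the posters' code): one way to "trap the lookups" and judge whether they look reasonable, run over a constructed query log. The log format, the customer LAN prefix 10.5.1.0/24 and both thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: "epoch-seconds source-ip query-name", one DNS query per line.
SAMPLE = """\
1284170000 10.5.1.20 www.example.com
1284170001 10.5.1.20 mail.example.com
1284170001 10.5.1.20 cdn.example.net
1284170002 198.51.100.7 a9f3k2q8zx7w1m5c0d4e6b8n2p.t.example.org
1284170002 198.51.100.7 q7w2e9r4t1y6u3i8o5p0a2s4d6.t.example.org
1284170003 198.51.100.7 z1x8c3v6b5n0m9l2k7j4h6g3f1.t.example.org
1284170003 198.51.100.7 m4n7b2v9c1x6z3l8k5j0h2g4f7.t.example.org
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def summarize(log_text, lan="10.5.1.0/24", long_label=20, high_entropy=3.5):
    """Per-source summary of DNS queries with two flags.

    off_lan:     source is outside the customer LAN, so the device is
                 answering DNS for someone else (proxy / open resolver use).
    tunnel_like: most queries carry a long, random-looking first label,
                 the usual shape of data encoded into DNS names.
    """
    net = ip_network(lan)
    names = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, src, qname = parts
        names[src].append(qname.lower().rstrip("."))
    report = {}
    for src, qnames in names.items():
        labels = [q.split(".")[0] for q in qnames]
        odd = [l for l in labels if len(l) >= long_label and entropy(l) >= high_entropy]
        report[src] = {
            "queries": len(qnames),
            "unique_names": len(set(qnames)),
            "off_lan": ip_address(src) not in net,
            "tunnel_like": len(odd) / len(labels) > 0.5,
        }
    return report

if __name__ == "__main__":
    for src, row in summarize(SAMPLE).items():
        print(src, row)
```

A source flagged off_lan that keeps querying with the customer's LAN port shut points at the radio itself being used as a resolver from the outside.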

